Ecosystems of Privacy & the Internet of Things

Introduction

The Internet of Things (“IoT”) has arrived, generating an ever expanding range of privacy invading and data gathering technology. The networking of appliances, electronics, and personal assistants loaded with proprietary code allows pervasive tracking and monitoring of customers at a finer level of granularity then ever before. Yet recent news has shown that many of these implementations are severely deficient in regards to security, an ever pressing consumer concern in an increasingly tech-literate populace. Thus the challenge for the free software movement, and opportunity for vendors who want a common easy to work with platform with high security standards, is to create new or modify existing open platforms for internet of things connected devices which give consumers a choice and vendors a selling point.

'IoT' & the Evolving Landscape of Data Collection

The Internet of Things – that is the point at which computer processors and remote data storage are cheap enough and networking ubiquitous enough that the cost of a miniscule wireless computer drops near zero – is rapidly transforming our environment. McKinsey estimates that by 2020 twenty-six to thirty billion 'IoT' devices will be connected while networking giant Cisco (PDF) arrived at an estimated value of 19 trillion dollars over the next decade for the sector. One need only look at last year’s Consumer Electronic Show (“CES”) to have witnessed full mock-ups of living rooms, kitchens, and entire cutaway houses filled with a staggering array of ‘smart’ appliances from fridges to stove tops to thermostats, power meters, cameras, lights, and so on.

More relevant for the privacy enthusiast are two chief concerns. First, as the Wall Street Journal reports 'IoT' is increasingly about the services associated with devices, which necessitates a continuing relationship with proprietary software that collects the data associated with said use. Second, as the environment we live in becomes ever more closely scrutinized in an age where data mining is a lucrative endeavor with information sold to whoever can pay, the addition of 'IoT' into an ecosystems already crowded with proprietary operating systems which spy on you and routine deep packet inspection of internet traffic creates the dangerous situation where the privacy of entire societies is invaded in return for convenience in ever more intrusive ways.

Technical Solution & the Opt-Out Issue

Technical solutions for those who are technologically savvy enough to look for them and who wish to opt-in to an ecosystem that respects privacy abound, indeed keeping pace with the profusion of privacy invading devices and services which permeate the daily existence of millions. Linux and its various distros provide software that doesn’t data mine users by default – or if they do quickly change course due to the availability of forking and the social norms in that community. An inexpensive Raspberry Pi running 'RasBMC' can play any digital media required in an attractive, easy to use package that is entirely user-controlled. FreedomBox provides a user friendly, low cost way to maintain privacy online without a knowledge of networking. The list goes on.

Yet fundamentally all of these solutions are for those who choose to “opt-in” to privacy. The issue is that when comparing a default opt-out versus default opt-in system the difference in participation rate is staggering. An exemplar of this effect is seen in the varying rates of organ donation between similar countries, with the prime example being opt-in Germany with an organ donor rate of 12% compared to Austria’s opt-out system with an organ donor rate of 99.98%. Thus to preserve the privacy and prevent data collection of all those who desire it but may not be knowledgeable enough or have the time and resources to commit the entire ecosystem must change to one wherein individuals opt-out of a system that respects their privacy, rather than opting-in. This is especially true in the heightened intrusiveness of an 'IoT' world.

The Privacy Ecosystem

Understanding that the shift to a privacy ecosystem is essential, and in time the societal norms surrounding user control that come with it, the question becomes how to bring about this paradigm shift in the 'IoT' space. This is made more difficult as major players such as Apple, Google, Samsung, Panasonic, Sony, and others are currently designing proprietary ecosystems so as to create a lock-in effect wherein consumers are nudged towards buying products of the same brand via promises of interoperabiliy and ease of use.

Yet there are opportunities to effect change through the twin avenues of understanding the incentive structure of smaller 'IoT' players in conjunction with the power of free software. Excluded from the 'IoT' ecosystems of the giants, smaller competitors must find ways to provide additional value to the consumer either through lower prices or desirable features. One such key feature for 'IoT' besides privacy is security, which multiple recent studies have shown is a primary concern of consumers.

Free software can provide that security, and indeed there are already free software projects underway such as OpenHab whose goal is to provide security and support for hundreds of devices across a range of brands. Free software can thus be used as a value-add for smaller device makers who simply do not have the resources and expertise to do so on their own, as well as allowing a certain degree of interoperability. If projects such as this are successful via both community participation and the realization by smaller players that contributing to open-source makes commercial sense, then the current paradigm of closed ecosystems and little to no user control can be changed.

Conclusion

Through the use of free software which can provide greater security than most 'IoT' device makers can write on their own, in addition to the convenience of brand-agnostic interoperability, a privacy focused ecosystem in which users must opt-out of user control rather than opt-in can be achieved.

There are technical accuracy problems in the draft that can be fixed
most easily if you stick to what you know for sure yourself, having
learned what you know by using things or by talking to people who
have demonstrated to you.

But then there are the parts that you have misrepresented because
you don't yourself have primary experience or anyone to talk to.
"IoT" devices from the point of view of the Net as a whole are just
things using wifi. If the router upstream from them is arranged to
keep them from leaking information, the home or other place where
that router corrals those devices will be a closed Internet of
things, which most of the time is what most of the people want most
of their devices to be.

Hence the desire to build service models on top of the devices, so
as to keep the user connected regardless of the intervening
firewalls that should be there. But it is reasonable to imagine the
next step on the side of the engineering of freedom, if that's what
you're into. I don't see the right ideas in this draft, however.
Once again, the best route to improvement is to write what you know,
and learn what you need to know as close as possible to first hand.

Navigation

This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.